Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/410d94-af78-4397-adfe-48d738c5947d/1/NRAq01Sd_CtlNwktqIvCtODPpfc.roa
File:                     NRAq01Sd_CtlNwktqIvCtODPpfc.roa (raw, json)
Hash identifier:          Yl3Gifw3dnAnYNdDOG/b0mVJzYI14+FcAA9h8Z7oBDc=
Subject key identifier:   35:10:2A:D3:54:9D:FC:2B:65:37:09:2D:A8:8B:C2:B4:E0:CF:A5:F7
Certificate issuer:       /CN=99d3a2d6fad651678e96d24e24d19d71fe380409
Certificate serial:       018573716FF7AC59543F5F04C13C70E51F41
Authority key identifier: 99:D3:A2:D6:FA:D6:51:67:8E:96:D2:4E:24:D1:9D:71:FE:38:04:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mdOi1vrWUWeOltJOJNGdcf44BAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/410d94-af78-4397-adfe-48d738c5947d/1/NRAq01Sd_CtlNwktqIvCtODPpfc.roa
Signing time:             Mon 02 Jan 2023 17:04:52 +0000
ROA not before:           Mon 02 Jan 2023 17:04:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     13043
IP address blocks:        164.60.0.0/16 maxlen: 24
                          164.59.128.0/23 maxlen: 24
                          164.59.130.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 26 May 2023 12:50:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:73:71:6f:f7:ac:59:54:3f:5f:04:c1:3c:70:e5:1f:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99d3a2d6fad651678e96d24e24d19d71fe380409
        Validity
            Not Before: Jan  2 17:04:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=35102ad3549dfc2b6537092da88bc2b4e0cfa5f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:32:b7:23:71:1d:7f:5b:4c:4b:17:fa:1a:98:
                    fe:d5:08:98:5f:e8:24:c6:4b:cd:7e:35:e6:ca:5d:
                    3f:17:be:f3:53:3d:94:b4:54:98:ad:83:fb:af:8a:
                    10:da:1e:4b:3e:14:02:94:4e:57:fa:99:f1:35:52:
                    cd:7e:1b:a2:51:2e:e9:e6:c4:a0:4f:37:cd:04:90:
                    51:87:67:28:0f:52:cd:1d:5e:c7:1b:af:01:90:f6:
                    0c:69:e7:01:5a:bf:44:9b:01:73:9d:ae:51:35:63:
                    41:b8:eb:9c:a4:b1:ec:2f:02:4e:d3:be:91:b0:59:
                    59:86:a6:84:6a:82:32:94:30:7b:43:74:1e:65:d2:
                    fe:ee:5b:b7:95:57:57:98:14:8a:f8:a4:97:5b:ab:
                    cd:b9:6c:0c:b1:90:4b:a4:91:8d:82:77:67:3f:77:
                    64:2e:b2:20:18:73:7b:a2:06:58:4c:f9:43:e1:f6:
                    59:fe:39:4f:fe:d4:34:ac:f5:7b:88:e4:d0:c2:cb:
                    7f:61:7e:95:02:74:80:34:85:53:8c:57:f8:c0:62:
                    3e:25:6a:2a:27:0e:9b:b1:df:26:b0:23:c2:0d:ef:
                    47:cc:3b:35:4e:6d:d3:3b:15:5c:d5:0a:3e:56:46:
                    c0:43:dc:82:80:d8:4f:3b:9b:c0:0b:12:7e:a8:3c:
                    e0:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:10:2A:D3:54:9D:FC:2B:65:37:09:2D:A8:8B:C2:B4:E0:CF:A5:F7
            X509v3 Authority Key Identifier:
                keyid:99:D3:A2:D6:FA:D6:51:67:8E:96:D2:4E:24:D1:9D:71:FE:38:04:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mdOi1vrWUWeOltJOJNGdcf44BAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/410d94-af78-4397-adfe-48d738c5947d/1/NRAq01Sd_CtlNwktqIvCtODPpfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/410d94-af78-4397-adfe-48d738c5947d/1/mdOi1vrWUWeOltJOJNGdcf44BAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.59.128.0-164.59.130.255
                  164.60.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         6f:f2:3b:b4:48:79:1e:4d:a0:5c:8c:da:42:a6:d8:29:22:d4:
         5d:af:c9:ba:82:92:88:86:57:b6:25:d0:11:d0:6a:d6:c8:00:
         92:6d:77:11:9c:57:47:34:aa:ae:87:6f:fc:02:51:18:15:de:
         16:46:35:e1:34:78:e4:c0:f6:89:0b:a4:bf:1a:0c:30:81:5e:
         20:c5:c9:ed:aa:db:42:68:93:8b:99:90:10:4a:c1:9e:85:b1:
         1c:96:99:77:8e:61:91:2a:6f:86:1d:46:f7:76:2a:92:21:76:
         c6:7e:dc:04:6e:be:de:e1:9f:3a:4d:c4:11:9e:cb:52:58:fa:
         cb:10:d4:37:d1:80:73:b2:85:7c:0e:40:82:3e:72:33:96:f1:
         2d:63:f8:31:09:aa:4b:30:74:eb:c4:2b:0a:45:a6:2a:28:a0:
         66:0a:1e:ee:f3:dc:d0:13:39:8a:4c:f3:f0:29:71:2d:b4:0d:
         67:9f:b7:08:83:3e:7f:f3:51:0e:44:b8:70:49:ce:0e:bd:77:
         98:ad:fd:10:a7:ff:d5:a6:18:97:29:24:c8:62:11:c3:1f:74:
         fe:a0:7d:35:2c:e4:0e:76:15:39:c5:95:79:a0:90:b9:de:e0:
         7e:af:6b:15:40:6b:b4:1b:1f:02:0a:6f:d5:ba:b4:ab:38:92:
         38:85:f9:36
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAYVzcW/3rFlUP18EwTxw5R9BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZDNhMmQ2ZmFkNjUxNjc4ZTk2ZDI0ZTI0ZDE5ZDcxZmUz
ODA0MDkwHhcNMjMwMTAyMTcwNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTEwMmFkMzU0OWRmYzJiNjUzNzA5MmRhODhiYzJiNGUwY2ZhNWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjK3I3Edf1tMSxf6Gpj+1QiYX+gk
xkvNfjXmyl0/F77zUz2UtFSYrYP7r4oQ2h5LPhQClE5X+pnxNVLNfhuiUS7p5sSg
TzfNBJBRh2coD1LNHV7HG68BkPYMaecBWr9EmwFzna5RNWNBuOucpLHsLwJO076R
sFlZhqaEaoIylDB7Q3QeZdL+7lu3lVdXmBSK+KSXW6vNuWwMsZBLpJGNgndnP3dk
LrIgGHN7ogZYTPlD4fZZ/jlP/tQ0rPV7iOTQwst/YX6VAnSANIVTjFf4wGI+JWoq
Jw6bsd8msCPCDe9HzDs1Tm3TOxVc1Qo+VkbAQ9yCgNhPO5vACxJ+qDzgNQIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFDUQKtNUnfwrZTcJLaiLwrTgz6X3MB8GA1UdIwQY
MBaAFJnTotb61lFnjpbSTiTRnXH+OAQJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWRPaTF2cldVV2VPbHRKT0pOR2RjZjQ0QkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS80MTBkOTQtYWY3OC00Mzk3LWFkZmUt
NDhkNzM4YzU5NDdkLzEvTlJBcTAxU2RfQ3RsTndrdHFJdkN0T0RQcGZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS80MTBkOTQtYWY3OC00Mzk3LWFkZmUtNDhkNzM4YzU5NDdk
LzEvbWRPaTF2cldVV2VPbHRKT0pOR2RjZjQ0QkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAATATMAwDBAekO4AD
BACkO4IDAwCkPDANBgkqhkiG9w0BAQsFAAOCAQEAb/I7tEh5Hk2gXIzaQqbYKSLU
Xa/JuoKSiIZXtiXQEdBq1sgAkm13EZxXRzSqrodv/AJRGBXeFkY14TR45MD2iQuk
vxoMMIFeIMXJ7arbQmiTi5mQEErBnoWxHJaZd45hkSpvhh1G93YqkiF2xn7cBG6+
3uGfOk3EEZ7LUlj6yxDUN9GAc7KFfA5Agj5yM5bxLWP4MQmqSzB068QrCkWmKiig
Zgoe7vPc0BM5ikzz8ClxLbQNZ5+3CIM+f/NRDkS4cEnODr13mK39EKf/1aYYlykk
yGIRwx90/qB9NSzkDnYVOcWVeaCQud7gfq9rFUBrtBsfAgpv1bq0qziSOIX5Ng==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:40 2024 by rpki-client on console-fra.rpki-client.org